# Meeting Link Query Parameters

Meeting Links can accept certain information through query parameters present in the URL. This is incredibly useful when integrating Meeting Links with your application or process. Query parameters in Meeting Links allow you to prefill information and programmatically provide access.&#x20;

{% hint style="info" %}
Query parameters are the values that follow the "?" character in a URL. If you are unfamiliar with them, this [Wikipedia page](https://en.wikipedia.org/wiki/Query_string) provides a good explanation of both query parameters and URL encoding.&#x20;
{% endhint %}

## Basic Usage

```
https://demo.meetbit.io/meetings/11234?name=John%20Luca&email=john.luca@example.com
```

## Query Parameter Settings

By default, Meeting Links ignore all query parameters but can be set to accept all query parameters or to accept only encrypted query parameters.

## Accepted Query Parameters

{% hint style="info" %}
Values passed through query parameters must be URL encoded.
{% endhint %}

Meeting Links can accept the following query parameters:

<table><thead><tr><th>Field</th><th>Field Name</th><th>Format</th><th data-hidden>Normal Key</th><th data-hidden>Notes</th></tr></thead><tbody><tr><td>Password</td><td>password, mb_password, mbe_password</td><td>String(max 255 characters).</td><td>password, mb_password</td><td></td></tr><tr><td>Name</td><td>name, mb_name, mbe_name</td><td>String(max 255 characters).</td><td>name, mb_name</td><td></td></tr><tr><td>Email</td><td>email, mb_email, mbe_email</td><td>String(max 255 characters). Must be a valid email format.</td><td>email, mb_email</td><td></td></tr><tr><td>Contact Number</td><td>contact, mb_contact, mbe_contact</td><td><a href="https://www.twilio.com/docs/glossary/what-e164">E164 phone number format</a>.</td><td>contact, mb_contact</td><td></td></tr></tbody></table>

* Field names prefixed with `mbe_` are reserved for encrypted values.&#x20;
* If multiple values under different field names are supplied for the same field, the order of prioritization is as follows:
  * Encrypted (with `mbe_` prefix).
  * With `mb_` prefix
  * Without prefix
* If a Meeting Link is set to accept all query parameters and both non-encrypted and encrypted field names are present, the encrypted value takes precedence.
* If supplied parameters are not in the accepted format or encrypted values are not correctly encrypted, these values will be ignored.
* If a Meeting Link's page design is set to not display the customer detail page, the following scenarios will lead to an error when opening the Meeting Link:
  * Required fields are not supplied through query parameters.
  * Encrypted parameters are not correctly encrypted.
  * Supplied values are not in an accepted format.

## Encrypted Query Parameters

To obscure information in the URL, you may encrypt query parameters. This is our recommendation: **encrypt query parameters and set Meeting Links to only accept encrypted query parameters.**

To encrypt data for query parameters, proceed to the following instructions:

* Use the **AES 256 CTR** encryption algorithm.
* Use the provided **HEX-Encoded 32-Bit Key** as the encryption key available on the Meeting Link's page in the Admin Panel.
* Make sure that the **Initialization Vector Length is 16**.
* **Encrypted strings** to be passed as query parameters must be **HEX Encoded** and is a **concatenation of the Initialization Vector and the Encryption Result**. Eg:
  * Initialization Vector: `2e74c3c4aafaa9082e8f0b366673ae06e258a45af08909ac26b88238b206e6ff`
  * Encryption Result: `b68dd6bb583bd7c03ca3a4bab4e`
  * Encryption String: `2e74c3c4aafaa9082e8f0b366673ae06e258a45af08909ac26b88238b206e6ffb68dd6bb583bd7c03ca3a4bab4e`
* Since the encryption process uses a private key, **encryption should always be made server-side**. In no instance should this be done through a front-end web application. **The key should be kept private at all times** and all measures to keep this so must be taken (no hard-coding etc.).&#x20;

### Example Encryption Code

{% tabs %}
{% tab title="Javascript" %}
{% code overflow="wrap" %}

```javascript
const crypto = require("crypto");

const encrypt = (text, key) => {
	
  /* CREATE IV */
  let iv = crypto.randomBytes(16);

  /* INIT CIPHER */
  let cipher = crypto.createCipheriv(
    "aes-256-ctr",
    Buffer.from(key, "hex"),
    iv
  );

  /* ENCRYPT TEXT */
  let encrypted = cipher.update(text);
  encrypted = Buffer.concat([encrypted, cipher.final()]);

  return iv.toString("hex") + encrypted.toString("hex");
}
```

{% endcode %}
{% endtab %}

{% tab title="PHP" %}
{% code overflow="wrap" %}

```php
function encrypt(string $text, string $key): string
{
  if (!preg_match('/[0-9A-Fa-f]{64}/', $key)) {
    throw new Exception("key is not hex or is malformed.");
  }

  /* CREATE IV */
  $iv = random_bytes(16);

  /* ENCRYPT TEXT */
  $encrypted = openssl_encrypt(
    $text,
    'aes-256-ctr',
    hex2bin($key),
    0,
    $iv
  );

  if ($encrypted === false) {
    throw new Exception("Encryption failed.");
  }

  return bin2hex($iv) . bin2hex($encrypted);
}
```

{% endcode %}
{% endtab %}
{% endtabs %}
Field	Field Name	Format	Normal Key
Password	password, mb_password, mbe_password	String(max 255 characters).	password, mb_password
Name	name, mb_name, mbe_name	String(max 255 characters).	name, mb_name
Email	email, mb_email, mbe_email	String(max 255 characters). Must be a valid email format.	email, mb_email
Contact Number	contact, mb_contact, mbe_contact	E164 phone number format.	contact, mb_contact